UK Cryptography and Information Security
Policy Issues

I take a keen interest in UK government policies on
cryptography and information security. I am often asked where I stand
on a number of issues and this page summarises my position on some of the
issues involved.

Here
is a short paper describing the UK government organisations involved in
cryptography and information security (with a shamelessly biased view of
their effectiveness). This paper is an update of the one I published
on the 'ukcrypto' list.

UK Government Cryptography Policy

June 1996 - The Conservative
Party - Give them what's good for them, not what they need

When the previous government first published its
policy on cryptography in June 1996 I provided a
critique of the proposals and ran a web
based survey of views on them with the following
results. These
results suggested that the proposed policy was very unpopular with informed
UK citizens.

I also ran a survey of views on the extent of
acceptable government access to encrypted material on the UK National
Information Infrastructure, with results
that showed that there was only minority support for government access
to encrypted information without the consent of the owner.

April 1998 - The Labour Government
- Government Policy Set By The Civil Service

In April 1998, despite an 'encryption friendly'
pre-election policy which promised no key escrow, the Government announced
a 'key escrow' policy that was little different to that of the previous
government. It is clear that they had swallowed the civil service
propaganda and made a rapid reversal of their policy. These revised
proposals were announced by the Department of Trade and Industry on
27th April 1998 and my response to them is
here. This policy raised many objections from both industry
and private citizens in the UK.

March to May 1999 - The Labour Government
- Government Policy Set By Industry

In early 1999 the Government issued a further
policy paper
entitled "Building Confidence in Electronic Commerce" that was intended
to be more acceptable to industry. But while accepting the need
for a voluntary licensing regime in place of a mandatory one, this paper
still advocated a 'Trusted Third Party (TTP)' approach to confidentiality
services with key escrow.

This generated a storm of protest from both industry
and the public. My own comments are available
here (it is interesting to note that this
paper contains some surprising technical errors. See, for example, the
discussion of key disclosure and self-incrimination and the description
of 'crypto-viral' extortion). The House of Commons Trade and Industry
Committee considered this policy and heard a lot of evidence, the majority
of which was critical. They produced a report that suggested the
need for significant changes in what was being proposed.

In consequence the Government had yet another
rethink and announced in late March that it would drop the key escrow
requirement provided industry came up with an acceptable alternative
approach. The Prime Minister commissioned a rapid high level
study by the Performance and Innovation Unit of the Cabinet Office leading
to a further report published in May 1999 under the heading "Encryption
and Law Enforcement".

I have worked with colleagues in Cyber-Rights
and Cyber-Liberties (UK) to produce a response
to this latest policy initiative, which makes some valuable proposals
but also contains some significant weaknesses. However, provided
its weaknesses can be remedied, it may offer a sound basis on which
to build.

Year 2000 - The Labour Government
- A Policy For The People - Sadly No!

While export controls on encryption products have
now been almost completely removed, the UK government has passed a Bill
in Parliament - the Regulation of Investigatory Powers Act - that includes
provisions to allow a number of UK authorities to seize the encryption
keys belonging to UK citizens. These powers can be used against entirely
honest, law abiding citizens who do not even have to be under suspicion.

The UK Government claims that the keys of honest
citizens are not at risk because they will be able to offer the plaintext
instead of keys but the legislation does not give key owners any such
rights.

While the UK Government has accepted that key
owners should not have to hand over their keys without knowing that
they will be safe while in government hands, it has repeatedly refused to
provide the information that key owners need in order to make such an
assessment. In practice, maintaining
the safety and security of seized keys will be a very difficult task and this
will mean that those whose keys are seized will have no choice but to
assume that their security has been compromised as a result.

This legislation will also undermine the majority
of the digital signatures offered by UK citizens. Such signatures will
be untrustworthy where the keys providing them are controlled by pass
phrases that also control access to confidentiality keys. In such a situation
the key owners cannot guarantee that they alone have access to their signature
keys and this undermines the integrity of signatures made with them.

Other countries, most notably Germany and Ireland,
have explicitly rejected such measures and hence provide a better base
for e-commerce development than the UK.

Export Controls on Cryptographic
Products

A number of governments co-ordinate their export
controls on cryptographic products through an international mechanism
known as the Wassenaar Arrangement.
UK controls on cryptography are often justified by quoting this agreement
but a careful consideration of its provisions shows that it should not
be used to impede genuine civil transactions and trade. But this
is precisely the impact that these cryptographic export controls now
have. I have produced a
paper that analyses the
Wassenaar Agreement and shows that controls on civil cryptographic products
are contrary to its stated objectives.

The White Paper on Strategic Export
Controls

In 1998 the UK government published a
White Paper
setting out its proposals for improving the operation of strategic export
controls in response to the findings of the Scott Report. This
White Paper sets out a number of proposals for improving the effectiveness
of export controls but also includes a proposal to extend the scope
of such controls to include intangible goods, that is, goods such as
software transferred by electronic means.

While the proposals to improve the clarity of
export control objectives are very welcome, the proposal to extend the
scope of controls to intangible goods is a thoroughly bad idea.
In practice there is no well defined boundary that separates 'intangible
goods' on the one hand and 'ideas' on the other and this means that
once we give the government the ability to control intangible goods
we are on a slippery slope which could easily end with the government
controlling the export of ideas as well. This is a dangerous path
to follow:

"I would rather be exposed to the inconveniences
attending too much liberty than to those attending too small a degree
of it." - Thomas Jefferson to Archibald Stuart, 1791.

Quite apart from the principles involved, the
extension of controls to intangible goods could have an enormous and
detrimental impact on research and development in the UK, much of which
is now carried out in an international context. If research and
development teams in universities and industry need licenses in order
to exchange ideas with their overseas colleagues we will very quickly
find that high quality R&D will go elsewhere. This is precisely
what is happening in the United States where efforts to control cryptographic
intangibles have simply resulted in companies setting up laboratories
overseas. The effect has thus been to export high-technology jobs and
this is exactly the effect we can expect in the UK.

Ross
Anderson has produced a
paper expressing
his position on the impact of these proposals on Universities.
I share his concerns and I have accordingly made my position known by
sending an open letter to
the relevant part of the DTI.

It appears that the prospect of direct UK legislation
on intangible exports has now receded, only to be replaced by similar
plans for European Community legislation.

Cryptography Policy Principles

Cryptographic algorithms are the creations of
mathematicians, scientists and engineers whose efforts should benefit
the whole of society and not just the privileged few chosen by governments.
The actions of GCHQ and successive UK governments over the last 50 years
to monopolise and control the use of cryptography using secret policies
operated by unaccountable bodies are unjustified, unethical and morally
bankrupt. They are a classic example of the abuse of power that always
results when excessive secrecy is combined with a lack of democratic
accountability and control.

UK government policies on the control of cryptography
must be arrived at through informed public debate leading to a widespread
consensus among informed and interested citizens that: (1) any controls
are truly in their interests as they judge them; and (2) such controls are not
detrimental to the development of democracy and human freedom on a global scale.

In the absence (as now) of such a democratically
derived policy I intend to work with other scientists and engineers
of like mind to ensure that any attempt by the UK (or any other government)
to control or limit the development, publication, provision or use of
cryptographic knowledge or technology will fail. Since some
may suggest that this is an anarchist stance I will restate it as "I
prefer democracy in place of anarchy but anarchy in place of dictatorship".

Law Enforcement Access to Keys (LEAK)
and to Encrypted Information

I am prepared to consider any direct evidence
presented to show that UK law enforcement authorities are being hampered
by encryption. I have seen no evidence that this is a current
problem of any significance. Although there may be some future
impact, I believe that the positive benefits of the widespread deployment
of cryptography in crime prevention and detection will far outweigh
any negative impact that this might have.

If there is any law enforcement access requirement
it can only be to encrypted information and not to the keys being used.
There are hence no circumstances in which I support any requirements
for government or law enforcement access to encryption keys. I
support the need for law enforcement authorities to be able to use a
'search warrant' style of access to the decrypted text of encrypted
material but not the keys being used.

Key Recovery

The need to back up cryptographic keys is highly
application dependent and requires a careful consideration of the consequences
of key loss compared with the additional risks involved in keeping spare
copies of keys or the information involved. It is important that
the owners of information protected using encryption are
entirely free to decide for themselves how they wish to guard against
the possibility of key loss or damage.

There is no case for products which make the strength
of the primary cryptography which they offer dependent in some way on
the use of key recovery. There is even less reason for making
export approval dependent on the existence of key recovery mechanisms.
William Reinsch, Head of the US Bureau of Export Administration (speaking
at a recent EPIC conference in Washington) characterised such policies
as 'neither efficient, nor fair, but available', a characterisation
which well illustrates the moral bankruptcy involved.

Here
is a paper I presented on Key Recovery (and Key Escrow) at the EPIC
Cryptography Conference in Washington DC last year.

Key Escrow

I oppose all forms of key escrow that are designed
to provide government or law enforcement access to encryption keys.
I have both ethical and technical objections to such schemes.

Although many democratic countries have institutions
and approaches that can significantly limit and control government abuse
of key escrow capabilities, this is not more generally true and in many
countries these would undoubtedly be used as a means of oppression.
If democratic countries implement such measures they then have no moral
or ethical basis on which to deny these facilities to governments that
will use them against their own citizens.

The ability of encryption to allow people to interact
with each other on a global scale without fear of oppression by their
governments is just about the most potent capability mankind has had
for advancing democracy and human freedom on a global scale. I
consider it a tragedy that the United States in particular, with its
strong tradition of promoting democracy and human freedom, should be
seeking to deny this technology to those who most need it.

I support the conclusions of expert international
cryptographers who have assessed the risks of key escrow and concluded
that they are very significant. In particular I see no economic
or technical basis for successful third party key escrow services. In
order to be economically sound such services will need to support many
clients and this involves holding critical security data in large, network
connected computer systems. Designing and operating such computer
systems to the levels of security this would require is well beyond
the current state of the art.

Although it is possible to reduce the risks by
splitting keys between a number of separate computer systems, the resulting
services will then be prohibitively expensive and uneconomic to provide
or use.

I thus believe that there are no sound commercial
arguments for offering or using third party key escrow services. Third
party key escrow is only necessary in order to meet government requirements
for access to keys; government efforts to promote such services as commercially
sound are simply attempts to meet their own requirements without having
to foot the bill.